O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
ANONYMITY, TRUST, ACCOUNTABILITY
Romek Szczesniak
Eleanor McHugh
Cryptographer
PKI & AppSec
Physicist
System Architecture
1998 InterClear CA
2003 ENUM
2006 Telnic
2011 Malta E-ID
2012 HSB...
DIGITAL IDENTITY - THE GRAIL QUEST
➤ can we create a global identity system that:
➤ nobody owns
➤ cannot be subverted
➤ wo...
CURRENT SOLUTIONS
➤ PKI
➤ SSO
➤ OpenID
➤ IAM
➤ passwords
➤ biometrics
COMMON LAW CONTRACTS & TRANSACTIONS
➤ at least one party makes an offer
➤ all parties must then reach mutual assent
➤ and h...
MOBILE DEVICES SEEM RESTRICTED
BUT THEY CAN BE ANCHORED TO A TRUSTED SERVER
A NAIVE APPROACH TO SHARING IDENTITY
➤ conventional client-server architecture
➤ A must trust B and B must trust Server
➤ ...
REDUCING IDENTITY TO A CLEAN TRANSACTION
➤ unidirectional data-flow architecture
➤ B doesn't contact Server, and V doesn't ...
IMMUTABLE PROFILES
➤ PKI certificate information - too heavy
➤ Attributes – too many, changeable
➤ SSO – not enough informa...
MANAGING A PERSON'S IDENTITIES
➤ anchor documents
➤ passport, driving licence, identity card, ...
➤ biometric stream
➤ suc...
MANAGING A PERSON'S IDENTITIES
RECEIPTS CONFIRM TRANSACTIONS
A FINE-CHAINED DISTRIBUTED LEDGER TRACKS RECEIPTS
PRODUCING A COMPLETE TRANSACTIONAL IDENTITY SYSTEM
APPLICATION: AGE VERIFICATION
APPLICATION: AGE VERIFICATION WITH SECURE CHANNEL
PATENTS
➤ US2016239658 Digital Identity
➤ US2016239653 Digital Identity
➤ US2016241532 Authentication of Web Content
➤ US2...
Próximos SlideShares
Carregando em…5
×

Anonymity, trust, accountability

298 visualizações

Publicada em

A case study in digital identity system design using the uPass system as an example of trade-offs and design decision.

Publicada em: Internet
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Anonymity, trust, accountability

  1. 1. ANONYMITY, TRUST, ACCOUNTABILITY Romek Szczesniak Eleanor McHugh
  2. 2. Cryptographer PKI & AppSec Physicist System Architecture 1998 InterClear CA 2003 ENUM 2006 Telnic 2011 Malta E-ID 2012 HSBC GC 2014 YOTI
  3. 3. DIGITAL IDENTITY - THE GRAIL QUEST ➤ can we create a global identity system that: ➤ nobody owns ➤ cannot be subverted ➤ works on desktop, mobile & IoT ➤ embraces anonymity rather than pseudonymity ➤ anchors to real-world identity documents ➤ embraces UK common law ➤ scales to global needs ➤ transacts in < 500ms
  4. 4. CURRENT SOLUTIONS ➤ PKI ➤ SSO ➤ OpenID ➤ IAM ➤ passwords ➤ biometrics
  5. 5. COMMON LAW CONTRACTS & TRANSACTIONS ➤ at least one party makes an offer ➤ all parties must then reach mutual assent ➤ and have an intention to create legal relations ➤ an exchange of sufficient consideration must then occur ➤ identification of the parties is implicit ➤ and my be put to the test in court
  6. 6. MOBILE DEVICES SEEM RESTRICTED
  7. 7. BUT THEY CAN BE ANCHORED TO A TRUSTED SERVER
  8. 8. A NAIVE APPROACH TO SHARING IDENTITY ➤ conventional client-server architecture ➤ A must trust B and B must trust Server ➤ each link involves a request-response over HTTPS links ➤ this is noisy and each link is an attack point for flow analysis
  9. 9. REDUCING IDENTITY TO A CLEAN TRANSACTION ➤ unidirectional data-flow architecture ➤ B doesn't contact Server, and V doesn't contact B ➤ Server contacts both B and V ➤ each link is less susceptible to flow analysis
  10. 10. IMMUTABLE PROFILES ➤ PKI certificate information - too heavy ➤ Attributes – too many, changeable ➤ SSO – not enough information ➤ we need a Goldilocks solution… ➤ fixed collections of one or more attributes ➤ change attributes by creating new profiles ➤ each profile links to its antecedent ➤ use cryptography to secure the version chain
  11. 11. MANAGING A PERSON'S IDENTITIES ➤ anchor documents ➤ passport, driving licence, identity card, ... ➤ biometric stream ➤ successions of biometric captures for the person ➤ profile set ➤ a choice of user profiles ➤ credentials ➤ large ephemeral random identifiers ➤ assigned to the [user | device | profile]
  12. 12. MANAGING A PERSON'S IDENTITIES
  13. 13. RECEIPTS CONFIRM TRANSACTIONS
  14. 14. A FINE-CHAINED DISTRIBUTED LEDGER TRACKS RECEIPTS
  15. 15. PRODUCING A COMPLETE TRANSACTIONAL IDENTITY SYSTEM
  16. 16. APPLICATION: AGE VERIFICATION
  17. 17. APPLICATION: AGE VERIFICATION WITH SECURE CHANNEL
  18. 18. PATENTS ➤ US2016239658 Digital Identity ➤ US2016239653 Digital Identity ➤ US2016241532 Authentication of Web Content ➤ US2016241531 ConfidenceValues ➤ US2016239657 Digital Identity System

×